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AMENDMENTS TO THE CLAIMS 
This listing of claims replaces all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1 . (Currently Amended) In a system including a service that is accessed by 
a user from one or more devices with varying input capabilities, a method for 
associating muhiple credentials with a single user account such that the user may be 
authenticated with any one of the multiple credentials, the method comprising an 
authentication system performing acts of: 

receiving an authentication request at the authentication system from a 
device, wherein cr e d e ntials of the user ar e includ e d in t he authentication 
reques t includes credentials of the user, the credentials being selected by the 
user from among a plurality of credentials based at least partially on the user's 
device : 

validating the credentials provided by the user, wherein the credentials 
are associated with a single unique user identifier of the user, a user account, 
and a user profile; 

receiving new credentials from the user, wherein the new credentials are 
associated with the same unique user identifier of the user, user account, and 
user profile; 

storing the new credentials in [[a]] the credential store of the 
authentication system such that the authentication system can authenticate the 
user to the service when the user provides any one of the multiple credentials 
associated with the user account; and 

providing, in response to the request, the imique user identifier and the 
user profile to the device. 
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2. (Previously Presented) A method as defined in claim 1, wherein the 
authentication system is a distributed authentication system, wherein the act of 
receiving an authentication request at the authentication system further comprises an 
act of determining where to send the credentials for validation. 

3. (Original) A method as defined in claim 2, wherein the act of 
determining where to send the credentials for validation uses a usemame of the 
credentials. 

4. (Previously Presented) A method as defined in claim 1, wherein the act 
of receiving new credentials firom the user fiirther comprises an act of symmetrically 
associating the new credentials with a unique user identifier. 

5. (Previously Presented) A method as defined in claim 4, wherein the act 
of symmetrically associating the new credential with a unique user identifier further 
comprises an act of associating the new credentials with a user account. 

6. (Previously Presented) A method as defined in claim 4, wherein the act 
of symmetrically associating the new credential with a unique user identifier further 
comprises an act of caching a copy of the unique user identifier with the new 

credential. 

7. (Previously Presented) A method as defined in claim 1, wherein the act 
of receiving new credentials firom the user further comprises an act of asymmetrically 
associating the new credentials with a primary credential, wherein the primary 
credential is stored in a primary store with the unique user identifier. 
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8. (Original) A method as defined in claim 1, fUrther comprising one or 
more of: 

a step for remembering which credential was received in the 
authentication request; 

a step for prompting the user for a more secure credential when the 
credentials received in the authentication request do not meet security 
requirements of the service; and 

a step for providing at least one security measure for each credential 
associated with the user account, wherein the user is not authenticated to a 
service if the security measure of a particular credential is breached or the user 
account is locked. 
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9. (Currently Amended) In a system that includes multiple services that are 
accessed by a user over a network such as the Mtemet, wherein the user accesses the 
multiple services from one or more devices that have varying input capabilities, a 
method for accessing a service from a device, the method comprising acts of: 

providing multiple credentials to an authentication system, wherein each 
of the multiple credentials is associated with a user account, a unique user 
identifier and a user profile that is maintained by the authentication system; 

requesting access to a service using a device included in the one or more 
devices, wherein the service requires that the user be authenticated before access 
to the service is granted to the user, wherein the device is redirected to the 
authentication system; 

the user selecting an access credential based on at least partially on the 
user's device t o send to the authentication system from the multiple credentials 
and entering the access credential selected by the user in the device; 

issuing an authentication request to an authentication system, wherein 
the authentication request includes the access credential selected by the user; 

receiving an authentication response from the authentication system, 
wherein the authentication response includes [[a]] the unique user identifier that 
authenticates the user to the service if the access credential selected by the user 
is validated, the response also including the user profile; and 

sending an authenticated request to the service, wherein the authenticated 
request includes the unique user identifier and user profile such that access to 
the service is obtained. 

10. (Original) A method as defined in claim 9, wherein the act of 
selecting an access credential to send to an authentication system from multiple 
credentials further comprises an act of selecting the access credential according to an 
input capability of the device. 
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11. (Original) A method as defined in claim 10, wherein the access 
credential is a mimerical credential when the device has numerical input. 

12. (Previously Presented) A method as defined in claim 9, , the method 
further comprising: 

an act of requiring the user to provide a secure credential to the 
authentication system that is more secure than the access credential; and 

an act of providing the service with a level of security of the secure 
credential and of the access credential, wherein the service is unaware of both 
the selected credential and the secure credential. 

13. (Currently Amended) A method as defined in claim 9, wherein the 
authentication system is a distributed system and wherein some of the multiple 

credentials are stored on different credential stores, wherein the act of providing 
multiple credentials to an authentication service further comprises one or more of 

a step for symmetrically associating the multiple credentials with [[a]] 
the unique user identifier, wherein the use identifier is cached with each of the multiple 
credentials; 

a step for symmetrically associating the multiple credentials with a user 
account, wherein a user account is cached with each of the multiple credentials and 

an step for associating a security measure with each of the multiple 
credentials, wherein the user is not authenticated to a service if the security measure of 
a particular credential is breached or the user account is locked. 
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14. (Previously Presented) A method as defined in claim 9, wherein the 
authentication system is a distributed system and wherein some of the multiple 
credentials are stored on different credential stores, wherein the act of providing 
multiple credentials to an authentication service further comprises an act of 
asymmetrically associating the multiple credentials with a primary credential, wherein 
the unique user identifier is stored with the primary credential. 



15-21. (Cancelled) 
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22. (Previously Presented) 

A method as recited in claim 1, wherein the new credential has an 
associated security level and wherein the method further comprises: 

associating the new credential with the user account such that the user 
can be authenticated with both the original credential and the new credential, 

prior to providing the response, and subsequent to receiving the 
authorization request, prompting the user for a secure credential that is more 
secure than the original credential if the security level of the original credential 
is insufficient for a service being accessed by the user, wherein the service is 
provided with the security level of both the original credential and the secure 
credential, but is not aware of either the original credential or the secure 
credential. 
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23. (Previously Presented) A method as defined in claim 22, wherein the step 
for associating the new credential with the user account further comprises a step for 
symmetrically associating the original credential and the new credential with the user 
account, wherein the user account is cached with each of the original credential and the 
new credential. 

24. (Previously Presented) A method as defined in claim 23, wherein the step 

for associating the new credential with the user account further comprises a step for 
asymmetrically associating the new credential with a primary credential, wherein the 
primary credential is associated with the user account and wherein the primary 
credential is cached with each new credential. 

25. (Original) A method as defined in claim 22, fijrther comprising a 
step for automatically authenticating the user at different services after the user has 
been authenticated at a first service. 

26. (Previously Presented) A method as defined in claim 22, wherein the 
original credential is a numerical credential when the device has a preferred numerical 
input. 
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27. (Previously Presented) In a system including a service that is accessed by 
a user from one or more devices with varying input capabilities, a computer program 
product for implementing a method for associating multiple credentials with a user 
account such that the user may be authenticated with anyone of the multiple credentials, 
the computer program product comprising: 

a computer readable storage medium storing computer readable 
instructions for performing the method of claim 1 . 

28. (Previously Presented) A computer program product as defined in claim 
27, wherein the authentication system is a distributed authentication system, wherein 
the act of receiving an authentication request at the authentication system further 
comprises an act of determining where to send the credentials for validation. 
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29. (Original) A computer program product as defined in claim 28, 
wherein the act of determining where to send the credentials for validation uses a 
usemame of the credentials. 

30. (Currently Amended) A computer program product as defined in claim 
27, wherein the act of receiving new credentials firom the user further comprises an act 
of symmetrically associating the new credentials with [[a]] tiie unique user identifier. 

31. (Currently Amended) A computer program product as defined in claim 
30, wherein the act of symmetrically associating the new credential with [[a]] tiie 
unique user identifier further comprises an act of associating the new credentials with a 
user account. 

32. (Currently Amended) A computer program product as defined in claim 
30, wherein the act of symmetiically associating the new credential with [[a]] tiie 
unique user identifier further comprises an act of caching a copy of the unique user 
identifier with the new credential. 

33. (Previously Presented) A computer program product as defined in claim 
27, wherein the act of receiving new credentials from the user fiirther comprises an act 
of asymmetrically associating the new credentials with a primary credential, wherein 
the primary credential is stored in a primary store with the unique user identifier. 
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34. (Original) A computer program product as defined in claim 27, 
flirther comprising acts of: 

remembering which credential was received in the authentication 
request; and 

prompting the user for a more secure credential when the credentials 
received in the authentication request are not sufficient for the service. 
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35. (Previously Presented) In a system that includes multiple services that 
are accessed by a user over a network such as the hitemet, wherein the user accesses 
the multiple services from one or more devices that have varying input capabilities, a 
computer program product for implementing a method for accessing a service from a 
device, the computer program product comprising: 

a computer readable medium having computer executable 
instructions for performing the method of claim 9. 
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36. (Original) A computer program product as defined in claim 35, 
wherein the act of selecting an access credential to send to an authentication system 
from multiple credentials further comprises an act of selecting the access credential 
according to an input capability of the device. 

37. (Original) A computer program product as defined in claim 36, 
wherein the access credential is a numerical credential when the device has numerical 
input. 

38. (Original) A computer program product as defined in claim 35, 
wherein the service requires a level of security, the method further comprising an act of 
providing a secure credential to the authentication system, wherein the secure 
credential is more secure than the access credential and wherein service is unaware of 
both the selected credential and the secure credential. 
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39. (Currently Amended) A computer program product as defined in claim 35, 
wherein the authentication system is a distributed system and wherein some of the multiple 
credentials are stored on different credential stores, wherein the act of providing multiple 
credentials to an authentication service further comprises one or more of: 

an act of symmetrically associating the multiple credentials with [[a]] the unique 
user identifier, wherein the unique user identifier is cached with each of the multiple 
credentials; and 

an act of symmetrically associating the multiple credentials with a user account, 
wherein a user account is cached with each of the multiple credentials. 

40. (Previously Presented) A computer program product as defined in claim 
35, wherein the authentication system is a distiibuted system and wherein some of the multiple 
credentials are stored on different credential stores, wherein the act of providing multiple 

credentials to an authentication service further comprises an act of asymmetrically associating 
the multiple credentials with a primary credential, wherein the unique user identifier is stored 
with the primary credential. 

41. (Previously Presented) A method as defined in claim 1, wherein the same unique 
user identifier is provided to the user regardless of the credentials received from the user. 

42. (Previously Presented) A method as defined in claim 1, wherein different 
credentials are required from each of the one or more devices. 

43. (Previously Presented) A metiiod as defined in claim 1, wherein providing the 
unique user identifier and the user profile to the device comprises sending a cookie containing 
the unique user identifier and the user profile to the device. 
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44. (Previously Presented) A method as defined in claim 1, wherein the user profile 
includes data about the user comprising name, personal information, preferred language, 
preferences, and location. 

45. (New) The method as defined in claim 1, wherein the act of validating the 
credentials provided by the user further comprises an act of the authentication system comparing 
the credentials selected by the user against the credentials stored in the credential store to 
determine vaHdity. 
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